2 



MS#304546.01(5098) 



Amendment to the Claims 

This listing of claims will replace all prior versions, and listings, of claims in the application: 
Listing of the Claims 

Claim 1 (currently amended): A method of managing consent between a client and a network 
server, said client and said network server being coupled to a data communication network, said 
network server providing a service to a user via the client, said client operating a browser 
configured to permit the user to communicate on the data communication network, said method 
comprising: 

maintaining a user profile associated with the user; 

receiving a request from the service provided by the network server for user information 
associated with the user and for consent to use the requested user information; 

determining, in response to the request for consent, if the requested user information is 
not included in the user profile; 

in response to the determining, providing a user interface via the browser to collect the 
requested user information that is not included in the user profile from the user; 

receiving the user information provided by the user via the user interface; 

updating the user profile with the received user information; and 

allowing access by the service to the received user information in the updated user profile 
whereby the user profile is updated with user information which in not included in the user 
profile when the request is received from the service so that the requested user information is 
accessible to the service . 

Claim 2 (canceled). 

Claim 3 (original): The method of claim 1, further comprising allowing, in response to the 
request for consent, access by the service to the requested user information if the user 
information is included in the user profile. 

Claim 4 (original): The method of claim 1, wherein the user profile is being maintained by a 
central server, said central server being coupled to the data communication network, and wherein 
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the user interface is being provided by the central server and displays user information 
previously included in the user profile. 

Claim 5 (original): The method of claim 1, wherein the user interface displays a user-selectable 
option for viewing intention information associated with the requested user information, said 
intention information describing how the requested user information will be used by the service 
provided by the network server. 

Claim 6 (original): The method of claim 5, further comprising providing an intention user 
interface via the browser for displaying the intention information, said intention user interface 
being provided in response to the user-selectable option being selected by the user. 

Claim 7 (original): The method of claim 6, wherein said intention user interface further displays 
retention information associated with the requested user information, said retention information 
specifying how long the requested user information will be retained by the service provided by 
the network server. 

Claim 8 (original): The method of claim 6, wherein the service provided by the network server is 
a member of a policy group, and wherein said intention user interface further displays a list of 
members of said policy group. 

Claim 9 (original): The method of claim 8, wherein said intention user interface further displays 
a second user-selectable option for viewing a privacy policy associated with said policy group, 
said privacy policy relating to how user information that the policy group is granted consent to 
use is to be protected. 

Claim 10 (original): The method of claim 9, further comprising providing a policy user interface 
via the browser for displaying the privacy policy, said policy user interface being provided in 
response to the second user-selectable option being selected by the user. 
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Claim 1 1 (original): The method of claim 1, wherein the service provided by the network is 
granted consent to use user information included in the user profile. 

Claim 12 (original): The method of claim 11, further comprising providing a revocation user 
interface via the browser for allowing the user to revoke consent for the service provided by the 
network server to use the user information included in the user profile, said revocation user 
interface displaying a list of services for which the user has granted consent to use the user 
information included in the user profile. 

Claim 13 (original): The method of claim 12, wherein said revocation user interface further 
displays a user-selectable option for revoking consent for the service provided by the network 
server to use the user information included in the user profile. 

Claim 14 (original): The method of claim 13, further comprising revoking consent for the service 
provided by the network server to use the user information included in the user profile in 
response to the user-selectable option being selected by the user. 

Claim 15 (original): The method of claim 1, further comprising providing an administrator user 
interface to a responsible person of the user in response to said receiving the user information 
provided by the user, said another user interface allowing the responsible person of the user to 
grant consent for the service provided by the network server to use the received user information. 

Claim 16 (original): The method of claim 15, wherein said allowing access by the service to the 
received user information comprises allowing access by the service to the received user 
information if consent for the service to use the received user information is granted by said 
responsible person. 

Claim 17 (original): The method of claim 15, wherein said responsible person is a parent of the 
user. 
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Claim 18 (currently amended): The method of claim 1, wherein one or more computer-readable 
storage media have computer-executable instructions for performing the method recited in claim 
L 

Claim 19 (currently amended): An authentication system comprising: 

an authentication server coupled to a data communication network, said authentication 
server including processor for executing computer-executable instructions; 

an authentication database associated with the authentication server, said authentication 
database being configured to execute computer-executable instructions for storing authentication 
information for comparison to login information provided by a user for authenticating the user, 
said authentication database further being configured to execute computer-executable 
instructions for storing user-specific information identifying the user with respect to one or more 
services provided by a plurality of affiliate servers coupled to the data communication network, 
said affiliate servers each being configured to execute computer-executable instructions for 
providing the one or more services to the user via a client coupled to the data communication 
network; 

said authentication server being configured to execute computer executable instructions 
for receiving a first request from the user for a service to be provided by a first affiliate server, 
said second affiliate server being one of the plurality of affiliate servers, said authentication 
server further being configured to execute computer executable instructions for authenticating 
the user responsive to the request when login information retrieved from the user via the data 
communication network matches the authentication information stored in the authentication 
database; 

said authentication server being further configured to execute computer executable 
instructions for maintaining a user profile storing the user-specific information, said user profile 
comprising a plurality of profile attributes, to receive a first request from the requested service 
for a first profile attribute associated with the profile of the user and consent to use the requested 
first profile attribute wherein the consent is limited to the first service, determining if the 
requested first profile attribute is not stored in the user profile in response to the first request for 
consent; 



6 



MS#304546.01(5098) 



said authentication server being further configured to execute computer executable 
instructions for providing a user interface to collect the requested first profile attribute that is not 
stored in the user profile from the user, receiving the first profile attribute provided by the user 
via the user interface in response, and allowing access by the requested service to the received 
first profile attribute wherein the user interface provided by the authentication server displays a 
user-selectable option for viewing intention information associated with the requested first 
profile attribute, said intention information describing how the requested first profile attribute 
will be used by the requested first service ; and 

said authentication server being further configured to execute computer executable 
instructions for updating the user profile with the received first profile attribute; 

wherein the authentication server being configured to execute computer executable 
instructions for receiving a second request from the user for a second service to be provided by a 
second affiliate server, said second affiliate server being one of the plurality of affiliate servers, 
said authentication server further being configured to execute computer executable instructions 
for authenticating the user responsive to the second request when login information retrieved 
from the user via the data communication network matches the authentication information stored 
in the authentication database; 

the authentication server is configured to execute computer executable instructions for 
receiving a request from the requested second service for a second profile attribute associated 
with the profile of the user and consent to use the requested second profile attribute wherein the 
consent is limited to the second service, to determine if the requested second profile attribute is 
stored in the user profile in response to the request for consent; 

said authentication server being further configured to execute computer executable 
instructions for providing a user interface to collect the requested second profile attribute that is 
not stored in the user profile from the user, receiving the second profile attribute provided by the 
user via the user interface in response, and allowing access by the requested second service to the 
received second profile attribute wherein the user interface provided by the authentication server 
displays a user-selectable option for viewing intention information associated with the requested 
second profile attribute, said intention information describing how the requested second profile 
attribute will be used by the requested second service ; and 
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said authentication server being further configured to execute computer executable 
instructions for updating the user profile with the received second profile attribute. 

Claim 20 (canceled). 

Claim 21 (previously presented): The system of claim 19, wherein the authentication server is 
configured to execute computer executable instructions for allowing, in response to the first 
request for consent, access by the requested service to the requested first profile attribute if the 
first profile attribute is stored in the user profile. 

Claim 22 (original): The system of claim 19, wherein the user interface provided by the 
authentication server displays the user-specific information previously stored in the user profile. 

Claim 23 (canceled). 

Claim 24 (previously presented): The system of claim 23, wherein the authentication server is 
configured to execute computer executable instructions for providing an intention user interface 
for displaying the intention information, said intention user interface being provided by the 
authentication server in response to the user-selectable option being selected by the user. 

Claim 25 (previously presented): The system of claim 24, wherein said intention user interface 
further displays retention information associated with the requested first profile attribute, said 
retention information specifying how long the requested first profile attribute will be retained by 
the requested service. 

Claim 26 (original): The system of claim 24, wherein the requested service is a member of a 
policy group, and wherein said intention user interface further displays a list of members of said 
policy group. 

Claim 27 (previously presented): The system of claim 19, wherein the requested service is 
granted consent to use the user- specific information stored in the user profile. 
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Claim 28 (previously presented): The system of claim 27, wherein the authentication server is 
configured to execute computer executable instructions for providing a revocation user interface 
for allowing the user to revoke consent for the requested service to use the user-specific 
information stored in the user profile, said revocation user interface displaying a list of services 
that the user has granted consent to use the user-specific information stored in the user profile. 

Claim 29 (previously presented): The system of claim 28, wherein said revocation user interface 
further displays a user-selectable option for revoking consent for the requested service to use the 
user-specific information stored in the user profile wherein the authentication server is 
configured to execute computer-executable instructions for to revoke consent for the requested 
service to use the user-specific information stored in the user profile in response to the use- 
selectable option being selected by the user. 

Claim 30 (canceled). 

Claim 31 (previously presented): The system of claim 19, wherein the authentication server is 
configured to execute computer executable instructions for providing an administrator user 
interface to a responsible person of the user in response to the received first profile attribute, said 
administrator user interface allowing the responsible person of the user to grant consent for the 
requested service to use the received first profile attribute. 

Claim 32 (previously presented): The system of claim 31, wherein the authentication server is 
configured to execute computer executable instructions for allowing access by the requested 
service to the received first profile attribute if consent for the requested service to use the 
received first profile attribute is granted by said responsible person. 

Claim 33 (currently amended): One or more computer-readable storage media having computer- 
executable components for managing consent between a client and at least one network server, 
said client and said network server being coupled to a data communication network, said 
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network server providing a plurality of services to a user via the client, said services being 
members of a policy group, said computer-readable media comprising: 

a profiling component for storing user-specific information associated with the user; 

a consent component for receiving a request from a first service provided by the network 
server for user information associated with the user and for consent to use the requested user 
information, said first service being a member of a first policy group, said consent component 
further determining if the requested user information is not stored in the profiling component in 
response to the request for consent; 

a user interface component for collecting the requested user information that is not 
included in the profiling component from the use r in response to the consent component 
determining the requested user information is not stored in the user profile ; and 

wherein the consent component is configured to receive the requested user information 
provided by the user via the user interface component; to store the received user information in 
the profiling component; to allow access to each member service of the first policy group to the 
received user information; and to deny access by each service which is not a member of the first 
policy group to the received user information. 

Claim 34 (canceled). 

Claim 35 (previously presented): The computer-readable storage media of claim 33, wherein the 
user interface component is configured to display the user-specific information previously stored 
in the profiling component. 

Claim 36 (previously presented): The computer-readable storage media of claim 33, further 
comprising a reviewing component for displaying intention information associated with the user 
information, said intention information describing how the user information will be used by the 
first service provided by the network server. 

Claim 37 (previously presented): The computer-readable storage media of claim 36, wherein the 
reviewing component is configured to display retention information associated with the user 
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information, said retention information specifying how long the user information will be retained 
by the first service provided by the network server. 

Claim 38 (previously presented): The computer-readable storage media of claim 36, wherein the 
reviewing component is configured to display a list of member services of said policy group. 

Claim 39 (previously presented): The computer-readable storage media of claim 33, further 
comprising a revoking component for allowing the user to revoke consent for the first service 
provided by the network server to use the user-specific information stored in the profiling 
component, said revoking component displaying a list of member services that the user has 
granted consent to use the user- specific information stored in the profiling component. 

Claim 40 (previously presented): The computer-readable storage media of claim 33, further 
comprising a managed-consent component for providing the received user information to a 
responsible person of the user to allow the responsible person of the user to grant consent for the 
first service provided by the network server to use the received user information. 



